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DETAILED ACTION 

1. This is a Final Office Action in response to the applicant's communication filed on 
October 21, 2008. 

2. Claim 23-28 and 43-58 have been examined and are pending. 

Response to Arguments 

3 . Applicant's arguments filed on October 2 1 , 2008 have been fully considered but they are 
not persuasive. 

Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a 
general allegation that the claims define a patentable invention without specifically pointing out 
how the language of the claims patentably distinguishes them from the references. 

The applicant argues that the prior in record does teach "encrypting a first item, 
according to an Identifier-Based Encryption, IBE, scheme, in dependence on encryption 
parameters comprising a first encryption key string that identifies said specific individual, and 
public data of a first trusted authority". The examiner disagrees with the applicant's argument 
and analysis. The primary prior art, Appenzeller, teaches Identifier-Based Encryption (0013). 
The encryption disclosed by Appenzeller, defends on first encryption key string that identifies 
said specific individual: 

[private key considered as the first encryption key string; see paragraph 0047: The 
private key generator may generate private keys for each of the multiple users associated 
with that private key generator based on the identities of each of these users. The identity 
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of a user may be represented by any suitable string, number, or symbol. For example, the 
identity of a message recipient may be represented by that user's email address, name, or 
social security number. The user's privileges may be made to automatically expire in 
system 10 by automatically concatenating the current time (e.g., the current day of the 
year and year, the current month, or any other suitable time related date-stamp 
information) with the user's email address. Other information (e.g., credentials such as a 
security clearance) may also be combined with the user's email address or other identity 
to provide enhanced cryptographic services. For clarity, the user's identity will be 
represented herein as the number Q. A suitable mathematical function may be used to 
determine the value of Q suitable for use as an input to the private key generation 
algorithm from a string representation of the user's identity such as the user's email 
address or the user's email address concatenated with other information.] 
and also depends on public data of a first trusted authority: 

[public key of certificate authority or the public parameters from a trusted 
directory service considered as public data of a first trusted authority, see 
paragraph 0082: The sender may then verify the signature on the certificate using the 
certification authority's public key. The public key of the certification authority may be 
built in to the user software, may be accessed on-line by the user software, or may 
otherwise be provided to the users of the system. If desired, certificates may be chained 
together, so that multiple layers of certifying organizations can certify in a hierarchical 
fashion. Either of these two approaches (obtaining the public parameters from a trusted 
directory service over a secure or trusted channel or obtaining the public parameters from 
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an untrusted directory service in the form of a certificate signed by a certification 
authority) or any other suitable approach may be used to ensure that the public 
parameters that the sender receives are in fact those associated with the intended 
organization/receiver.] 

From the above citation and discussion in is clear that Appenzeller discloses "encrypting 
a first item, according to an Identifier-Based Encryption, IBE, scheme, in dependence on 
encryption parameters comprising a first encryption key string that identifies said specific 
individual, and public data of a first trusted authority". Therefore, the applicant's argument is not 
persuasive to overcome the prior arts in record to place the independent claims including their 
corresponding dependent claims in condition for allowance 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 23-28 and n43-58 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Appenzeller et al (Hereinafter referred to as, Appenzeller, US Pub No.: 2004/0098589 Al) in 
view Boneh et al. (hereinafter referred to as Boneh, US Pub No.: 2003/0081785 Al). 



As per claim 23: 
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Appenzeller discloses a secure data-provision method for providing target data from a 
data provider to a party purporting to be a specific, professionally-accredited, individual engaged 
by a specific accredited organization, the target data being provided in encrypted form as part of 
a data set; the method comprising: 

encrypting a first item, according to an Identifier-Based Encryption, IBE, scheme, in 
dependence on encryption parameters comprising a first encryption key string that 
identifies said specific individual, and public data of a first trusted authority 
(0047; 0070; 0076; 0079; 0082); and 
encrypting a second item, according to an IBE scheme, in dependence on encryption 
parameters comprising a second encryption key string that identifies said specific 
organization, and public data of a second trusted authority (0047; 0070; 0076; 
0079; 0082; ); and 

forming said data set using at least the encrypted first and second items (0085); 
recovery of the target data in clear requiring decryption of both the first and second items 
(0058; 0068). 

Appenzeller does not explicitly disclose a first trusted authority competent in respect of 
professional accreditations and a second trusted authority competent in respect of accreditations 
of organizations. Boneh, in analogous art, however discloses a first trusted authority competent 
in respect of professional accreditations and a second trusted authority competent in respect of 
accreditations of organizations (0053; 0054). Therefore, it could have been obvious to a person 
having ordinary skill in the art at the time the invention was made to modify the system disclosed 
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by Appenzeller to include a first trusted authority competent in respect of professional 
accreditations and a second trusted authority competent in respect of accreditations of 
organizations. This modification could have been obvious because a person having ordinary skill 
in the art would have been motivated to do so to provide a system of encrypting a first piece of 
information to be sent by a sender to a receiver uses an encryption key generated from a second 
piece of information using a bilinear map and the encryption key are used to encrypt at least a 
portion of the first piece of information to be sent from the sender to the receiver. The bilinear 
map may be symmetric or asymmetric as suggested by Boneh in (0110). 

As per claim 24: 

Appenzeller discloses a method, wherein the first item comprises the target data, and the 
second item comprises the encrypted first item (0047). 

As per claim 25 : 

Appenzeller discloses a method, wherein the first item comprises the target data, and the 
second item comprises a nonce; the first encryption key string comprising, in combination, an 
identifier of said specific individual and said nonce (0020; 0047; 0079). 

As per claim 26: 

Boneh discloses a method, wherein the first item comprises first data, and the second 
item comprises second data; the data set further comprising said target data encrypted using a 
symmetric key that can be formed by using both said first and second data (0010; 0050). 
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As per claim 27: 

Boneh discloses a method, wherein the data set comprises, in addition to said first and 
second items, said target data encrypted using a first symmetric key, the second item comprising 
a second symmetric key, and the first item comprising the first symmetric key encrypted using 
the second symmetric key (0010; 0050). 

As per claim 28: 

Appenzeller discloses a secure data-provision method for providing target data from a 
data provider to a party purporting to be a specific, professionally-accredited, individual engaged 
by a specific accredited organization, the target data being provided in encrypted form as part of 
a data set, the method comprising: 

encrypting a first item using both a first encryption key string that identifies said specific 
individual, and public data of a first trusted authority (0047; 0070; 0076; 0079; 
0082); and 

encrypting a second item using both a second encryption key string that identifies said 
specific organization, and public data of a second trusted authority (0047; 0070; 
0076; 0079; 0082); and 

forming said data set using at least the encrypted first and second items (0085); 

recovery of the target data in clear requiring decryption of both the first and second items 
(0058; 0068). 
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Appenzeller does not explicitly disclose a first trusted authority competent in respect of 
professional accreditations and a second trusted authority competent in respect of accreditations 
of organizations. Boneh, in analogous art, however discloses a first trusted authority competent 
in respect of professional accreditations and a second trusted authority competent in respect of 
accreditations of organizations (0053; 0054). Therefore, it could have been obvious to a person 
having ordinary skill in the art at the time the invention was made to modify the system disclosed 
by Appenzeller to include a first trusted authority competent in respect of professional 
accreditations and a second trusted authority competent in respect of accreditations of 
organizations. This modification could have been obvious because a person having ordinary skill 
in the art would have been motivated to do so to provide a system of encrypting a first piece of 
information to be sent by a sender to a receiver uses an encryption key generated from a second 
piece of information using a bilinear map and the encryption key are used to encrypt at least a 
portion of the first piece of information to be sent from the sender to the receiver. The bilinear 
map may be symmetric or asymmetric as suggested by Boneh in (0110). 

As per claim 43 : 

Appenzeller discloses an apparatus for the secure provision of target data to a party 
purporting to be a specific, professionally-accredited, individual engaged by a specific accredited 
organization, the apparatus comprising an encryption subsystem for generating a data set 
including the target data in encrypted form, the encryption subsystem comprising: 

first encryption means for encrypting a first item, according to an Identifier-Based 
Encryption, IBE, scheme, based on encryption parameters comprising a first 
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encryption key string that identifies said specific individual, and public data of a 

first trusted authority (0047; 0070; 0076; 0079; 0082); 
second encryption means for encrypting a second item, according to an IBE scheme, 

based on encryption parameters comprising a second encryption key string that 

identifies said specific organization, and public data of a second trusted authority 

(0047; 0070; 0076; 0079; 0082); and 
means for forming the data set using at least the encrypted first and second items; the 

recovery of the target data in clear requiring decryption of both the first and 

second items (0058; 0068). 

Appcnzeller does not explicitly disclose a first trusted authority competent in respect of 
professional accreditations and a second trusted authority competent in respect of accreditations 
of organizations. Boneh, in analogous art, however discloses a first trusted authority competent 
in respect of professional accreditations and a second trusted authority competent in respect of 
accreditations of organizations (0053; 0054). Therefore, it could have been obvious to a person 
having ordinary skill in the art at the time the invention was made to modify the system disclosed 
by Appenzeller to include a first trusted authority competent in respect of professional 
accreditations and a second trusted authority competent in respect of accreditations of 
organizations. This modification could have been obvious because a person having ordinary skill 
in the art would have been motivated to do so to provide a system of encrypting a first piece of 
information to be sent by a sender to a receiver uses an encryption key generated from a second 
piece of information using a bilinear map and the encryption key are used to encrypt at least a 
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portion of the first piece of information to be sent from the sender to the receiver. The bilinear 
map may be symmetric or asymmetric as suggested by Boneh in (0110). 

As per claim 44: 

Appenzeller discloses an apparatus, wherein the first item comprises the target data, and 
the second item comprises the encrypted first item (0047). 

As per claim 45: 

Appenzeller discloses an apparatus, wherein the first item comprises the target data, and 
the second item comprises a nonce; the first encryption key string comprising, in combination, an 
identifier of said specific individual and said nonce (0020; 0047; 0079). 

As per claim 46: 

Appenzeller discloses an apparatus, wherein the first item comprises first data, and the 
second item comprises second data; the data set further comprising said target data encrypted 
using a symmetric key that can be formed by using both said first and second data (0010; 0050). 

As per claim 47: 

Appenzeller discloses an apparatus, wherein the data set comprises, in addition to said 
first and second items, said target data encrypted using a first symmetric key, the second item 
comprising a second symmetric key, and the first item comprising the first symmetric key 
encrypted using the second symmetric key (0010; 0050). 
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As per claim 48: 

Appenzeller discloses a computing entity for recovering target data provided in encrypted 
form as part of an data set that comprises first and second encrypted items both of which must be 
decrypted to recover the target data, the first item being encrypted in dependence on encryption 
parameters comprising a first encryption key string that identifies a specific individual and first 
public data, and the second item being encrypted in dependence on a second encryption key 
string that identifies a specific organization and second public data; the entity comprising: 

first means for requesting either a first decryption key corresponding to the first 
encryption key string, or the first item in decrypted form, from a first trusted 
authority and holds first private data related to the first public data, the first means 
being arranged to provide the first encryption key string to the first trusted 
authority when making its request and being further arranged to authenticate the 
entity with the first trusted authority and to receive the first decryption key, or the 
first item, securely from the first trusted authority (0047; 0070; 0076; 0079; 
0082); 

second means for requesting either a second decryption key corresponding to the second 
encryption key string, or the second item in decrypted form, which holds second 
private data related to the second public data, the second means being arranged to 
provide the second encryption key string to the organization when making its 
request and being further arranged to authenticate the entity with the organization 
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and receive the second decryption key, or the second item, from the organization 
(0047; 0070; 0076; 0079; 0082); 
third means for using the first decryption key, or the first item, provided by the first 
trusted authority and the second decryption key, or the second item, provided by 
the organization, to recover the target data (0058; 0068). 

Appenzeller does not explicitly disclose an organization accredited by a second trusted 
authority. Boneh, in analogous art, however discloses an organization accredited by a second 
trusted authority (0053; 0054). Therefore, it could have been obvious to a person having ordinary 
skill in the art at the time the invention was made to modify the system disclosed by Appenzeller 
to include an organization accredited by a second trusted authority. This modification could have 
been obvious because a person having ordinary skill in the art would have been motivated to do 
so to provide a system of encrypting a first piece of information to be sent by a sender to a 
receiver uses an encryption key generated from a second piece of information using a bilinear 
map and the encryption key are used to encrypt at least a portion of the first piece of information 
to be sent from the sender to the receiver. The bilinear map may be symmetric or asymmetric as 
suggested by Boneh in (01 10). 

As per claim 49: 

Appenzeller discloses a computing entity, wherein the second means is arranged to 
receive the second decryption key, or the second item, securely from the organization (0047). 
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As per claim 50: 

Appenzeller discloses a computing entity, wherein the first item comprises the target 
data, and the second item comprises the encrypted first item; the third means being arranged to 
recover the second item, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization, and subject the 
second item to decryption, using the first decryption key obtained from the first trusted authority, 
to recover the target data (0077; 0082). 

As per claim 5 1 : 

Boneh discloses a computing entity, wherein the first item comprises the target data, the 
second item comprises a nonce, and the first encryption key string comprises, in combination, an 
identifier of said specific individual and said nonce; the third means being arranged to: 

recover the second item, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization 
(0022-0025), 

combine the nonce that formed the second item with the identifier of said specific 
individual in order to form the first encryption key string to be provided by the 
first means to the first trusted authority (0024, 0040; 0043), and 

use the first decryption key obtained from the first trusted authority to decrypt the first 
item and thereby recover the target data (0043). 



As per claim 52: 
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Boneh discloses a computing entity, wherein the first item comprises first data and the 
second item comprises second data, the data set further comprising said target data encrypted 
using a symmetric key that can be formed by using both said first and second data; the third 
means being arranged to 

recover the first data, if not provided to the first means by the first trusted authority, by 
using the first decryption key obtained from the first trusted authority (0022-0025; 
0043), 

recover the second data, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization 
(0024, 0040; 0043), 

use the first data and the second data to form said symmetric key, and use the symmetric 
key to decrypt the target data (0043). 

As per claim 53: 

Boneh discloses a computing entity, wherein the data set comprises, in addition to said 
first and second items, said target data encrypted using a first symmetric key, the second item 
comprising a second symmetric key, and the first item comprising the first symmetric key 
encrypted using the second symmetric key; the third means being arranged to: 

recover the first item, if not provided to the first means by the first trusted authority, by 
using the first decryption key obtained from the first trusted authority (0022-0025; 
0043), 
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recover the second item, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization 
(0024, 0040; 0043), 

use the second symmetric key that formed the second item to decrypt the encrypted first 

symmetric key that formed the first item (0040; 0050) , and 
use the first symmetric key to decrypt the encrypted target data (0040; 0050). 

As per claim 54: 

Boneh discloses a computing entity for recovering target data provided in encrypted form 
as part of an data set that comprises first and second encrypted items both of which must be 
decrypted to recover the target data; the first item being encrypted in dependence on a first 
encryption key string that identifies a specific individual, and first public data; and the second 
item being encrypted in dependence on a second encryption key that identifies a specific 
organization and said specific individual, and second public data; the entity comprising: 

first means for requesting either a first decryption key corresponding to the first 
encryption key, or the first item in decrypted form, and holds first private data 
related to the first public data, the first means being arranged to provide the first 
encryption key string, or the first item, to the first trusted authority when making 
its request (0047; 0070; 0076; 0079); 
second means for requesting either a second decryption key corresponding to the second 
encryption key string, or the second item in decrypted form, from an organization 
accredited by a second trusted authority which holds second private data related to 
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the second public data, the second means being arranged to provide the second 
encryption key string to the organization when making its request (0047; 0070; 
0076; 0079); and 

third means for using the first decryption key, or the first item, provided by the first 

trusted authority and the second decryption key, or the second item, provided by 

the organization, to recover the target data (0058; 0068); 
at least one of the first means and the second means being arranged to authenticate the 

entity to the first trusted authority or said organization as the case may be and to 

receive input therefrom in a secure manner (0058; 0068). 

Appenzeller does not explicitly disclose a first trusted authority which is competent in 
respect of the accreditation of professionals. Boneh, in analogous art, however discloses a first 
trusted authority which is competent in respect of the accreditation of professionals (0053; 0054). 
Therefore, it could have been obvious to a person having ordinary skill in the art at the time the 
invention was made to modify the system disclosed by Appenzeller to include a first trusted 
authority which is competent in respect of the accreditation of professionals. This modification 
could have been obvious because a person having ordinary skill in the art would have been 
motivated to do so to provide a system of encrypting a first piece of information to be sent by a 
sender to a receiver uses an encryption key generated from a second piece of information using a 
bilinear map and the encryption key are used to encrypt at least a portion of the first piece of 
information to be sent from the sender to the receiver. The bilinear map may be symmetric or 
asymmetric as suggested by Boneh in (0110). 
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As per claim 55: 

Appenzeller discloses a computing entity, wherein the first item comprises the target 
data, and the second item comprises the encrypted first item; the third means being arranged to: 
recover the second item, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization, and subject the 
second item to decryption, using the first decryption key obtained from the first trusted authority, 
to recover the target data (0077; 0082). 

As per claim 56: 

Boneh discloses a computing, wherein the first item comprises the target data, the second 
item comprises a nonce, and the first encryption key string comprises, in combination, an 
identifier of said specific individual and said nonce; the third means being arranged to: 

recover the second item, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization 
(0022-0025), 

combine the nonce that formed the second item with the identifier of said specific 
individual in order to form the first encryption key string to be provided by the 
first means to the first trusted authority (0024, 0040; 0043), and 

use the first decryption key obtained from the first trusted authority to decrypt the first 
item and thereby recover the target data (0043). 
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As per claim 57: 

Boneh discloses a computing entity, wherein the first item comprises first data and the 
second item comprises second data, the data set further comprising said target data encrypted 
using a symmetric key that can be formed by using both said first and second data; the third 
means being arranged to 

recover the first data, if not provided to the first means by the first trusted authority, by 
using the first decryption key obtained from the first trusted authority (0022-0025; 
0043), 

recover the second data, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization 
(0024, 0040; 0043), 

use the first data and the second data to form said symmetric key, and use the symmetric 
key to decrypt the target data (0043). 

As per claim 58: 

Boneh discloses a computing entity, wherein the data set comprises, in addition to said 
first and second items, said target data encrypted using a first symmetric key, the second item 
comprising a second symmetric key, and the first item comprising the first symmetric key 
encrypted using the second symmetric key; the third means being arranged to: 

recover the first item, if not provided to the first means by the first trusted authority, by 
using the first decryption key obtained from the first trusted authority (0022-0025; 
0043), 
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recover the second item, if not provided to the second means in decrypted form by the 
organization, by using the second decryption key obtained from the organization 
(0024, 0040; 0043), 

use the second symmetric key that formed the second item to decrypt the encrypted first 

symmetric key that formed the first item (0040; 0050), and 
use the first symmetric key to decrypt the encrypted target data (0040; 0050). 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See the notice of reference cited in form PTO-892 for additional prior art. 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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8. Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Techane J. Gergiso whose telephone number is (571) 272-3784 
and fax number is (571) 273-3784. The examiner can normally be reached on 9:00am - 6:00pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization 
where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/Techane J. Gergiso/ 
Examiner, Art Unit 2437 



/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



